SonicWALL Point-to-Point VPN

Hello again. In this video we will see how to configure a point-to-point VPN. The first thing is to log in to the machine and, in the menu, go to the VPN section. Before we start, let's explain the possible situations for a VPN configuration, so that when you select one mode or another you understand why we chose it and why one method or the other is used.

The first thing we have to know is that IPsec uses ports 500 and 4500, so if we had the routers in multi-station mode, we would have to forward both ports, 4500 and 500 UDP, to the firewall. Then we have to know what method is used to exchange the secret phrase, in this case for IPsec with its IKE protocol (Internet Key Exchange). Depending on the situation we have in that specific network, we will use one exchange mode or another for it to work correctly.

When both routers of the two systems we are going to connect by VPN are in single-station ("mono") mode and the public IPs of both sites are static, we use what is called main mode. If either of those conditions is not met, for example one of the IPs is dynamic, or one or both routers are in multi-station ("multi") mode, we use the other mode, which is aggressive mode.

Why? Very simple. When main mode is configured, the exchange of the secret phrase is done with the public IPs. Imagine that we are on one of the two sides and the packet from the first firewall, which wants to establish the tunnel, reaches us. The firewall asks which public IP it comes from. Since the router is in single-station mode, the packet that reaches the firewall carries the public IP directly, so the firewall says: OK, I get a secret phrase from 80.80.80.83 and it is correct, perfect, and we establish the tunnel. The link is established in the reverse direction in the same way: the firewall on the other side says, OK, the packet comes from the public IP that I expect and both have the same secret phrase, so the tunnel is established. That is, the exchange of the secret phrase is done with the public IPs.

But what happens if one of the sides has a router in multi-station mode? Imagine, as in the previous example, that the packet starts from the other side of the network. When that packet reaches the router, and that router is in multi-station mode, the router encapsulates it with its own IP address, so the packet no longer arrives at the firewall directly with the public IP but with the router's IP as its source. The firewall is expecting it to come from a given public IP, sees that it does not match, and automatically drops the link. To avoid this, instead of main mode, where the exchange of the secret phrase is done with the public IPs, aggressive mode is used, where it is done with a set of identifiers.

Is aggressive mode better or worse? In any case it is not a security question; it is a different method of exchanging the secret phrase, and it is neither better nor worse. "Aggressive" may sound like something stronger that will force the connection, but it has nothing to do with that. You can use aggressive mode even though the routers are in single-station mode and the IPs are static, because the exchange is simply done in another way. So take this into account and pick the correct mode, or always choose aggressive, but understand why one mode or the other is used.

Now let's configure it. We go, as we said, to the VPN section. The first thing on the VPN page is the unique firewall identifier. By default it is always the name of the machine; although you can change it, it is recommended to use the default, because when we have numerous tunnels with numerous firewalls it has to be different on each one. If we have several firewalls in Barcelona and we call all of them "barcelona", we will have connection problems of this nature, and this way we avoid them.

If we click the Add button, we see that the policy type will be Site to Site, a network-to-network, point-to-point tunnel. The authentication method is the IKE that we were commenting on. We give the VPN a name, whatever you want to call it, and then the IP address of the other side of the network that we want to connect to; for example we are going to put 80.80.80.80. The secondary gateway is only filled in if the firewall on the other side has another connection through which the tunnel could be established if the primary fails; if it has one, you can set that public IP here, and if it does not, leave it as it is. Here we enter the secret phrase, whatever you want to set.

Then we have the local ID and the peer ID. These are only used with aggressive mode where, as we mentioned, identifiers other than the public IPs are used for the exchange of the secret phrase. A very common identifier when we use SonicWALL firewalls is the firewall identifier that we saw earlier: the local ID is the identifier of this firewall and the peer ID is the identifier of the other firewall, and the reverse in the tunnel on the other machine, where the local ID is that machine's and the peer ID is this one's. They are crossed. As we are going to use main mode, this is not necessary; we leave it greyed out as it was, and that's it.

We go to the Network tab. On one side we choose the local network. Here we have an object, X0 Subnet, which is the LAN subnet of the X0 interface configured on this machine. If we had more LAN interfaces with different ranges, for example X0 is 192.168.10.x, X3 is the 20 range and X4 is the 40 range, and we want the remote network on the other side to have access to all those networks, we can take the default LAN Subnets object that we have here. If they are in different zones with different ranges, we can create a group of address objects: the X0 network, the X2 network, the X4 network. We define all the objects in a group and select it here, so that our local network would be all of those networks. We are going to use only the X0 subnet, so here we have it: X0 Subnet.

The remote network we have to create, because by default, of course, we do not have it. We choose to create a new address object and define the network object of the other side. I name it remote network; the zone, and this is important, is VPN, and the object type is Network. Let's suppose that on the other side there is a network on X0 of the type 10.10.10.0, the whole subnet, with mask 255.255.255.0. We save the object and we have it: my local network and my remote network.

Next is the Proposals tab. In the exchange field we find main mode and aggressive mode, as we commented: main mode exchanges with public IPs, aggressive mode exchanges with IDs. There is another one, IKE version 2, which is also compatible with other types of machines. Personally I would recommend using main or aggressive mode. In this case we are going to use main mode, assuming that both routers are in single-station mode and the public IPs are static. The remaining values can be left as they are, because the defaults are good: encryption 3DES, authentication SHA1 or MD5, whatever you want to select; the default values are the most optimal in all cases. When we configure the VPN tunnel, these values have to be identical on both sides; they cannot differ.

In Advanced, one check box that we have here is important: Enable Keep Alive. By default, if this is not checked, the tunnel will drop after 28,800 seconds of idle time; when there is no activity for that time, the tunnel closes and has to be brought up again. We avoid this by checking Enable Keep Alive on one of the two sides, not on both. What it does is send a packet that we call a heartbeat so that the tunnel is maintained even if there is no network traffic.

We click OK. In this case, because of the firewall identifier, it shows me a warning suggesting a change; as I do not want to change it, I leave it as it came. And now I have my VPN tunnel configured against the other public IP, the one on the other side. We should do the same on the other firewall, and if everything goes well and it is configured as we have explained, a green ball will appear indicating that the tunnel is up, and we will have connectivity.
